Lead, FedRAMP Compliance Programme
The Lead, FedRAMP Compliance Programme is required to assist with the overall execution of compliance programs aimed at achieving and maintaining industry accreditations and certifications such as FedRAMP (Moderate and High impact levels), SOC 2 Type II, ISO, IRAP, and GDPR.
- Assist with the overall execution of compliance programs aimed at achieving and maintaining industry accreditations and certifications such as FedRAMP, SOC 2 Type II, ISO, IRAP, and GDPR.
- Assist the team with cultivating strong working relations with industry regulators, accreditation bodies, and authorized auditing firms.
- Demonstrable experience designing, supporting, advising, and assessing the implementation of security controls for a FedRAMP authorized system or other system based on NIST 800-53, 800-37, 800-34, etc.
- Deliver accurate and actionable compliance guidance and direction to internal stakeholders.
- Build strong relationships with cross-functional teams to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.
- Develop System Security Plans, Continuous Monitoring Plans, and Incident Response Plans in accordance with NIST requirements.
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Validate information system security plans to ensure NIST control requirements are met.
- Drive improvements in existing processes and monitor the measurement and review of internal processes, especially those that affect the quality of the organization's service.
- Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms.
- Work on customer and third-party supplier assessments.
- Must be a U.S. Citizen.
- Over 6 years of working experience with different compliance frameworks (ISO, NIST, FedRAMP, ISAE, IRAP).
- At least 4 of those years supporting FedRAMP Cloud Service Providers in either an assessment or advisory role.
- 3PAO experience is highly desirable.
- Customer service mindset.
- Working knowledge of risk assessment fundamentals (impact analysis, residual risk analysis, mitigation strategies).
- Working experience with the overall risk management process.
- Prior exposure to and technical experience with understanding application and infrastructure vulnerabilities, especially in cloud environments.